EU governments and authorities were targeted by criminals looking to cash in on coronavirus (Covid-19) vaccines. Europol has called this “an emerging trend”. It says there are several cases where criminals tried to broker contracts with EU government agencies to supply millions of doses of coronavirus vaccines. By posing as intermediaries and impersonating legitimate pharmaceutical companies, criminals have potentially been able to profit from governments’ fear of vaccine shortages.
Pattern of scams
Law enforcement agencies have warned the public about the sale of fake coronavirus vaccines since late 2020 when vaccine programmes started to be rolled out in the US and the EU. Warnings came as it was reported that shipments of fake coronavirus vaccines were seized by Interpol in South Africa and China.
The agency later released a statement warning against online vaccine scams:
From the very beginning of the pandemic, criminals have preyed on people’s fears in order to make fast cash. Fake vaccines are the latest in these scams, which is why Interpol and HSI are warning the public to be extra vigilant.
The statement warned the public not to be tempted to order vaccines even if it seemed to be from a legitimate pharmaceutical company:
An emerging trend has seen cybercriminals set up illicit websites claiming to be legitimate national and/or world organizations offering pre-orders for vaccines against the COVID-19 virus. These websites offer payments in Bitcoins and other payment processing methods.
Using trademark logos of major pharmaceutical companies producing approved COVID-19 vaccines, the fake websites are suspected of being used to conduct phishing attacks and/or dupe victims into giving charitable donations.
In fact, research from a global threat intelligence team, Unit 42, found that from December 2020 – February 2021, vaccine-related phishing attacks rose by 530%. During the same timeframe it also found that attacks targeting pharmacies and hospitals rose by 189%.
Millions of fake vaccines were offered
Europol told The Canary that there have been several cases where criminals posed as legitimate companies. But in these cases they didn’t target pharmacies or hospitals, they impersonated them and targeted EU government agencies:
Several cases in EU Member States have been recently reported to Europol concerning scams offering to sell millions of doses of COVID-19 vaccines to health ministries and governmental authorities.
In early 2021, EU authorities were the ‘perfect targets’, as they faced immense pressure and public scrutiny while experiencing vaccine shortages. The European Union was so “disappointed” with the amount of vaccines that it launched legal action against AstraZeneca over its shortfall in deliveries.
While the EU was filing legal action against AstraZeneca for its shortfall in deliveries of Covid-19 vaccines, it was widely reported that the global north were hoarding vaccines away from the global south. This includes reports of vaccine hoarding, which has also been described as a vaccine monopoly.
Deliveries were not honoured
Europol told us that they couldn’t disclose the government agencies targeted in the brokering scheme. They did say that the scheme itself was a fraudulent attempt at making money. They explained that criminals sought to profit from the scramble for vaccines from government agencies:
In these cases, criminals have first identified and then – acting as intermediaries and impersonating/acting on behalf of legitimate companies – approached the appropriate country level governmental authorities to broker contracts for the purchase of COVID-19 vaccines. These contracts are fraudulent attempts to steal money, as the deliveries have not been honoured.
While Europol claims that supply chains were not infiltrated, it leaves one question unanswered. Were criminals able to successfully broker contracts with EU government agencies?
We asked Europol exactly this question, but they stated they were unable to comment further. It has told us that investigations remain open.
Speaking to the Department for Health and Social Care (DHSC), they assured us that unlike its PPE contracts, it does not deal with “intermediaries” for vaccine procurement in the UK:
The DHSC procurement team deal direct with vaccine companies through long-established relationships. There are no intermediaries.
How did hackers do it?
Intelligence agencies are currently investigating whether criminals were successful in brokering contracts with government agencies in the EU. Unit 42 published a list of websites it claims were used by hackers in attempts to profit from the coronavirus vaccine roll-out. According to Unit 42, hackers impersonated companies including Pfizer and the NHS through the sites nhs-vaccination.com and pfizersupply.eu:
As a result, Unit 42 has called for changes to be made to cybersecurity defences to keep up with evolving cyber attack trends:
At various points during the COVID-19 pandemic, we have seen attackers shift their focus from one topic to another depending on the current state of events. In the early stages of the pandemic, testing kits and PPE were a significant area of focus for attackers. The focus then shifted to government stimulus and relief programs, before pivoting again to the vaccine rollout. As we have seen, attackers continually adapt to the newest trends. As a result, cybersecurity defences must adapt as well.
Despite criminals continuously adapting their strategies, Europol claims that its initial predictions about fake vaccine trends were ‘correct’.
Authorities say its predictions were ‘correct’
In December 2020, Europol released a statement to the press claiming that its predictions that coronavirus vaccines would be a target for organised crime were correct:
Owing to the pandemic, the demand for influenza treatments has been higher than usual and there are risks of shortages in numerous countries. This high demand may encourage people to seek the vaccine elsewhere. For this reason, once the legitimate vaccine enters the market, counterfeit versions of the brand are expected to circulate rapidly to meet the high demand.
Europol continued:
It is feared that criminals will share disinformation to defraud individuals and companies alike. There have already been cases of advertisements on dark web marketplaces using the brands of genuine pharmaceutical companies that are already in the final stages of testing.
These counterfeit vaccines may pose a significant risk to public health if they are ineffective or toxic, given their production in labs without the required hygiene standards. These fake vaccines may circulate on illicit markets or be introduced to the legal market for distribution.
Despite its statement predicting that the dark web would be a large player in the sale and distribution of fake vaccines, Europol told us that it’s under control, for now.
Offers on the dark-web are limited
We asked Europol if it’s aware of criminals looking to sell vaccines or infiltrate vaccine supply chains using dark web marketplaces. Thankfully, doses available on dark web marketplaces are ‘limited’.
Europol told us:
Such seizures as the ones in China and South Africa have not been reported at this stage to Europol. The offers of fake COVID-19 vaccines listed on dark web marketplaces are for the time being also still limited.
Meanwhile, EU governments have continually placed limits on available production capacity to the rest of the world, despite the World Health Organisation (WHO) urging them to waive intellectual property until countries, particularly in the global south, receive first doses through the COVAX scheme. COVAX has been set up to supply just 20% of a countries population with first doses of Covid-19 vaccines.
EU governments have been quick to buy vaccines and to launch legal action when deliveries don’t arrive. The reality is, however, that limiting supplies to countries outside of the EU and US cuts off resources to countries that are in desperate need. Not only does this leave a fertile ground for vaccine scammers, it also has grave implications for the global fight against the pandemic.
Featured Image: WikiMediaCommons.